Intelligent automated agents (or bots) are software programs that serve a specific need for a person or, in theory, for another intelligent automated agent. The intelligent automated agent can be housed on the person's personal computer, on the person's local area network, on a third party's server or on some combination of the foregoing alternatives. Examples of intelligent automated agents are shopping bots that are told what the person wants to buy and that then search various Web sites to determine price and availability. Other intelligent automated agents allow participants in auctions to keep track of the progress of auctions of particular items. As technology advances, intelligent automated agents will become increasingly sophisticated and will complete more and more complex tasks.
In most cases today, who initiated the intelligent automated agent is known only to the person who initiated it and probably to the Web host on whose server the intelligent automated agent is located. If an intelligent automated agent is searching the Web for comparative prices, it can decline to inform the sites being searched as to who is trying to determine prices. In fact, people who are comparison shopping may find anonymity desirable.
As intelligent automated agents become more sophisticated (e.g., actually ordering an item), it can become advantageous to identify an intelligent automated agent (or its initiator) in a secure way. Otherwise, anyone that wants to harm another could create a intelligent automated agent that purports to be initiated by the other and instruct the intelligent automated agent to incur significant liabilities for the other. In addition, as intelligent automated agents become more sophisticated, programming errors will creep in. If a intelligent automated agent orders 10,000 toasters instead of one, and the initiator is not a toaster wholesaler, the results could be costly.
The most likely way that a intelligent automated agent will be tied to its initiator will be through the use of encryption. A much talked-about encryption systems is called public key infrastructure (PKI) and uses digital signatures and digital certificates. By “signing the intelligent automated agent” with a digital signature using a private key, the initiator could allow others to confirm that the intelligent automated agent “belonged” to her. Unfortunately, digital signatures are not foolproof. Although so-called “strong” encryption is extremely difficult to break, it is theoretically possible to do so, especially at the rate at which computing power is increasing. In addition, many users of the Web have not implemented strong encryption and use “weak” encryption instead. Finally, although the digital signatures themselves may be relatively secure, the keys on which they are based are long strings of 0s and 1s that are impossible to memorize. Most systems store the keys and allow users to access them using passwords or tokens. The passwords and tokens are typically relatively insecure.
For the foregoing reasons, no one will be able to control the intelligent automated agents that serve him (or purport to serve him) with absolute precision. Less sophisticated initiators, such as consumers who purchase such intelligent automated agents may have more problems, and will likely be less capable than experts at diagnosing possible sources of problems or liability. The inevitable glitches could create devastating results for the initiator of the intelligent automated agent.
One possible solution is to disavow, disclaim or sharply limit any liability for what the intelligent automated agent does. This is, however, more difficult in practice than in theory. Since intelligent automated agents operate solely on the initiator's computer (or a server being used on behalf of the initiator), no one other than the initiator will know what the scope of the intended authority of the intelligent automated agent is. Since intelligent automated agents do not typically identify themselves, no one will know the one with which he or she is dealing. Finally, since a intelligent automated agent could interact with persons or entities with whom it has no prior contractual relationship, its initiator may not be able to resolve all liability issues through the use of disavowals or disclaimers.